MyZimVote Website A Security Risk

So last week there was a rush to publicise a website called myzimvote.com which one could use to see if they are registered to vote.

Sounds noble, right? Like it makes life simple for many people. They can just put their ID number into some box, run a query and hey-presto, you know whether you’re registered to vote.

For some reason we just failed to publicise this site, until we started wondering:

Where did they get all that information from?

Who sanctioned it, i.e. who gave it to them?

How does a random organisation have a database of every single person on the voters’ roll?

You see, what it means is that if someone knows your ID number they can simply use the system to get whatever information about you is available. There is no security wall preventing random checks. So even if it was sanctioned by the Zimbabwe Electoral Commission – which it hasn’t been – then it is an identity thief’s paradise.

Some think just because you simply enter an ID number there is no risk. Well, an ID number opens a lot of doors. If the person knows you are registered to vote and where you are registered, they know where you stay – proof of residence, remember – and where you come from, among other things. At the end of the day, they can have fun with your identity.

Alarmingly, there is nowhere on the website where they say that they will not share your information with anyone. So essentially that database could be sold to the highest bidder.

Somebody tweeted me saying you can buy a digital copy of the voters’ roll from the RG’s office. That’s even scarier!! Really?? Say it ain’t so!

http://www.3-mob.com Three Men On A Boat

Well if you can, is there something that stipulates what you can and cannot use it for?

Mal Mupa

My point exactly. Once somebody has that info they can do anything with it. How do they control what people that access the database will use it for? That information should be private. Identity thieves surely can feast on this.

http://www.3-mob.com Three Men On A Boat

Well these are real issues being ignored

Munhuwozvake

They use the voter’s roll which is a public document available for anyone at a price from ZEC. They just developed a database using that information. There is nothing out of the ordinary about what they did coz everything was provided for them through the roll. Go to ZEC and you can buy the roll. Regarding ID numbers, they already have them, so if they wanted to defraud anyone they would do it without you having to punch it in anyways. Hameno

Myk

Just before the last elections there was an issue of digitisation of the voter’s roll and many organisations did get the electronic copy, and there were even PDFs which did not hide anything. I can send you one PDF which I obtained then. I doubt if the one you have has new voters; for some who registered a long time ago there is no address.

http://www.3-mob.com Three Men On A Boat

But the issue here is why is this information available without security on the net? At least if I registered for the site and could only search my information then fine.

Boardhouse

But if someone already knows your ID number then chances are high they already know all the info about you that is available on the my zim vote page.

http://www.3-mob.com Three Men On A Boat

Someone can run a numbers game using a computer programme and harvest details

Boardhouse

True, but most details are easily available on Facebook, plus Zim is not yet that digitalised that people can fear too much. Not many people do internet banking, online purchases etc., so having my name and ID number and address is no real threat.

http://www.3-mob.com Three Men On A Boat

Are you serious?????

Mwalimu

I personally do not care about the privacy implications at this point in time. The alternative of being a guest of Tobaiwa for hours on end in snail-pace queues is motivation enough for me to sell my privacy.

http://www.3-mob.com Three Men On A Boat

In the long run you will

Shingaic

Thing is, a physical copy of the voters’ roll is available for sale at any ZEC office. So any Tom, Dick & Bongani can just go and buy one. What I noticed is that people from this end of the world hardly realise the importance of personal information and what can happen if it gets into the wrong hands. Once your information is leaked, you can never unleak it. I just hope and pray that website can weather a wave of malicious hacking…

http://www.3-mob.com Three Men On A Boat

When you buy it, is it meant for public consumption?

Shingaic

No, of course it’s not. But who’s out there to monitor that it’s not being abused?

http://www.3-mob.com Three Men On A Boat

Well, I’m refusing to be abused.

zettie

Like somebody already pointed out, if the ID thieves already have your ID no. they pointedly already have all the info they need, haven’t they???

http://www.3-mob.com Three Men On A Boat

Not necessarily

fiend

Well, if ZEC did its part we wouldn’t have had to be relying on third parties to verify registration. It is such a simple thing to create a database from which to search. Can be done within hours.

Personally, I don’t use it.

As for the risk of breach of privacy… it only applies to it being digitally available to other 3rd parties on the internet. Since it is publicly available, we are already exposed. It just broadens the risk but that info is already public.